Созданные ответы форума
-
Сообщения
-
Сделала все. как Вы написали. Вот log:
ComboFix 10-08-07.01 — Елена 09.08.2010 10:09:55.2.1 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.510.211 [GMT 3:00]
Running from: c:documents and settingsЕленаРабочий столComboFix.exe
Command switches used :: c:documents and settingsЕленаРабочий столCFScript.txt
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
..
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
Legacy_FTGFBK
Service_ftgfbk((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.2010-08-07 20:23 . 2010-08-07 20:23
d-sh—w- c:documents and settingsЕленаUserData
2010-08-07 05:41 . 2010-08-07 06:39
d
w- c:program filestrend micro
2010-08-07 05:41 . 2010-08-07 05:41
d
w- C:rsit
2010-08-06 07:55 . 2010-08-06 08:01
d
w- c:documents and settingsЕленаApplication DataUDC Profiles
2010-08-06 07:54 . 2010-03-18 19:27 24440 —-a-w- c:windowssystem32udcpm.dll
2010-08-06 07:54 . 2010-08-06 07:54
d
w- c:program filesUniversal Document Converter
2010-08-04 18:40 . 2010-08-07 20:14
d
w- c:program filesURLToolBHO
2010-08-04 18:29 . 2010-08-04 18:48
d
w- c:documents and settingsЕлена.PDFStudio
2010-08-04 18:28 . 2010-08-04 18:29
d
w- c:program filesPDFStudio
2010-08-02 22:44 . 2010-08-02 22:45
d
w- c:documents and settingsЕленаLocal SettingsApplication DataSOTI
2010-08-02 22:44 . 2010-08-02 22:44
d
w- c:program filesSOTI
2010-08-02 16:07 . 2010-08-02 16:07
d
w- c:windowssystem32LogFiles
2010-08-02 16:03 . 2008-04-13 21:26 30592 -c—a-w- c:windowssystem32dllcacherndismpx.sys
2010-08-02 16:03 . 2008-04-13 21:26 30592 —-a-w- c:windowssystem32driversrndismpx.sys
2010-08-02 16:03 . 2008-04-13 21:26 12800 -c—a-w- c:windowssystem32dllcacheusb8023x.sys
2010-08-02 16:03 . 2008-04-13 21:26 12800 —-a-w- c:windowssystem32driversusb8023x.sys
2010-08-02 15:59 . 2010-08-02 16:00
d
w- c:program filesMicrosoft ActiveSync
2010-07-30 15:10 . 2008-02-26 21:31 278528 —-a-r- c:windowssystem32CM102rm.exe
2010-07-30 15:10 . 2006-03-20 22:28 32768 —-a-r- c:windowssystem32c102prop.dll
2010-07-30 15:10 . 2005-03-07 21:29 45056 —-a-r- c:windowssystem32CM102rm.dll
2010-07-30 15:10 . 2001-11-23 19:08 712704 —-a-r- c:windowssystema3d102pu.dll
2010-07-30 15:10 . 2001-11-23 19:08 712704 —-a-r- c:windowssystema3d.dll
2010-07-30 15:09 . 2004-04-14 18:28 315392 —-a-r- c:windowssystemFltr102.dll
2010-07-30 15:09 . 2008-01-04 21:16 1400832 —-a-r- c:windowssystem32driversCM102.sys
2010-07-30 15:08 . 2008-02-25 21:21 274432
r- c:windowsCmi102Uninstall.exe
2010-07-30 15:08 . 2010-07-30 15:08
d
w- c:program filesUSB Audio Device
2010-07-19 14:01 . 2010-07-19 14:01 503808 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-22afc385-nmsvcp71.dll
2010-07-19 14:01 . 2010-07-19 14:01 499712 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-22afc385-njmc.dll
2010-07-19 14:01 . 2010-07-19 14:01 348160 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-22afc385-nmsvcr71.dll
2010-07-19 14:01 . 2010-07-19 14:01 61440 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentSystemCache6.0505535ab32-7c6176fe-ndecora-sse.dll
2010-07-19 14:01 . 2010-07-19 14:01 12800 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentSystemCache6.0505535ab32-7c6176fe-ndecora-d3d.dll
2010-07-15 04:38 . 2010-07-15 04:38
d
w- c:documents and settingsЕленаApplication DataAhead
2010-07-12 14:05 . 2010-07-12 14:05 664 —-a-w- c:windowssystem32d3d9caps.dat.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 07:19 . 2010-01-14 20:40
d
w- c:program filesNetwork Assistant
2010-08-07 15:40 . 2010-01-14 19:53
d—h—w- c:program filesInstallShield Installation Information
2010-08-02 22:52 . 2010-01-15 21:48
d
w- c:program filesDownload Master
2010-08-02 16:22 . 2008-04-15 12:00 80802 —-a-w- c:windowssystem32perfc019.dat
2010-08-02 16:22 . 2008-04-15 12:00 478144 —-a-w- c:windowssystem32perfh019.dat
2010-07-28 15:37 . 2010-07-07 15:55
d
w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2010-07-28 11:16 . 2010-01-14 20:30 68832 —-a-w- c:documents and settingsЕленаLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-07-12 09:38 . 2010-02-11 11:20
d
w- c:program filesARM ZVIT
2010-07-11 20:06 . 2010-01-23 20:50
d
w- c:documents and settingsЕленаApplication DataEncyclopedia of Patience
2010-07-09 18:52 . 2010-07-09 18:10
d
w- c:program filessotr269
2010-07-09 16:00 . 2010-07-09 15:55
d
w- c:program filesfxlib9
2010-07-07 16:03 . 2010-07-07 16:03
d
w- c:program filesMicrosoft Works
2010-07-07 16:03 . 2010-01-16 01:16
d
w- c:program filesMSBuild
2010-07-07 16:01 . 2010-07-07 16:01
d
w- c:program filesMicrosoft.NET
2010-07-07 15:56 . 2010-07-07 15:56
d
w- c:program filesMicrosoft Visual Studio 8
2010-07-06 16:39 . 2010-07-06 16:39
d
w- c:program filesGames
2010-07-02 06:16 . 2010-01-16 17:43
d
w- c:program filesCommon FilesJava
2010-07-02 06:13 . 2010-01-16 17:43
d
w- c:program filesJava
2010-06-25 05:17 . 2010-05-20 13:13
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2010-05-24 14:01 . 2010-05-24 14:01 503808 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentcache6.046f84c6ae-101abf6b-nmsvcp71.dll
2010-05-24 14:01 . 2010-05-24 14:01 499712 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentcache6.046f84c6ae-101abf6b-njmc.dll
2010-05-24 14:01 . 2010-05-24 14:01 348160 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentcache6.046f84c6ae-101abf6b-nmsvcr71.dll
2010-05-20 15:23 . 2010-01-16 01:17 966648 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2002-12-11 10:23 . 2010-01-15 22:49 122880 —-a-w- c:program filesinternet explorerpluginsDjVuControl.dll
.((((((((((((((((((((((((((((( SnapShot@2010-08-07_20.15.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-09 07:19 . 2010-08-09 07:19 16384 c:windowsTempPerflib_Perfdata_6b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-12-22 8716040][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-12-22 8716040][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«AtiTrayTools»=»c:program filesRadeon Omega Driversv2.6.71ATI Tray Toolsatitray.exe» [2005-08-17 457216]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2010-05-03 39408]
«Network Assistant»=»c:program filesNetwork AssistantNassi.exe» [2009-05-19 7568896]
«Infium»=»c:program filesQIP Infiuminfium.exe» [2009-10-08 5662720]
«NBJ»=»c:program filesAheadNero BackItUpNBJ.exe» [2005-01-04 1937408][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2005-05-20 925696]
«AtiPTA»=»atiptaxx.exe» [2005-08-31 344064]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2010-01-14 949376]
«EEventManager»=»c:program filesEPSONCreativity SuiteEvent ManagerEEventManager.exe» [2006-10-12 102400]
«Samsung PanelMgr»=»c:windowsSamsungPanelMgrSSMMgr.exe» [2008-03-03 536576]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-26 31016][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360]c:documents and settings…«Ґ ѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
BIRTHDAY! millennium.lnk — d:!-„ћљ“њ…ќ’›-!I-ЊЂЊЂ-IBirthdayBirthday.exe [2010-1-15 92160]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Network Assistant.lnk — c:program filesNetwork AssistantNassi.exe [2010-1-14 7568896][HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Network Assistant\Nassi.exe»=
«c:\Program Files\QIP Infium\infium.exe»=
«c:\Documents and Settings\Елена\Рабочий стол\U-Net\unet.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«1745:TCP»= 1745:TCP:jukuh
«14336:TCP»= 14336:TCP
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR1 atitray;atitray;c:program filesRadeon Omega Driversv2.6.71ATI Tray Toolsatitray.sys [22.09.2005 5:48 8576]
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [15.01.2010 0:10 15424]
S2 gupdate;Служба Google Update (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [03.05.2010 13:08 135664]
S2 SSPORT;SSPORT;??c:windowssystem32DriversSSPORT.sys —> c:windowssystem32DriversSSPORT.sys [?]
S3 USBAU;USB Audio Device Interface;c:windowssystem32driversCM102.sys [30.07.2010 18:09 1400832]
.
Contents of the ‘Scheduled Tasks’ folder2010-08-09 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-05-03 10:08]2010-08-09 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-05-03 10:08]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com.ua/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = 192.168.11.20:8080
uInternet Settings,ProxyOverride = 192.168.11.1;192.168.11.25;
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Google ВикиКомментарии… — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Передать на удаленную закачку DM — c:program filesDownload Masterremdown.htm
LSP: c:windowssystem32imon.dll
.**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 10:20
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(756)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘lsass.exe'(812)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll— — — — — — — > ‘explorer.exe'(2400)
c:program filesRadeon Omega Driversv2.6.71ATI Tray Toolsraphook.dll
c:program filesNetwork AssistantHOOKS.DLL
c:windowssystem32ieframe.dll
c:windowssystem32webcheck.dll
.
Other Running Processes
.
c:windowssystem32Ati2evxx.exe
c:windowssystem32Ati2evxx.exe
c:program filesJavajre6binjqs.exe
c:program filesEsetnod32krn.exe
c:windowssystem32wscntfy.exe
c:program filesMicrosoft ActiveSyncwcescomm.exe
c:progra~1MI3AA1~1rapimgr.exe
c:windowssystem32wbemwmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-08-09 10:23:53 — machine was rebooted
ComboFix-quarantined-files.txt 2010-08-09 07:23
ComboFix2.txt 2010-08-07 20:18Pre-Run: 3 515 891 712 байт свободно
Post-Run: 3 540 094 976 байт свободно— — End Of File — — A5B1F9E1043D38E4F706F24B2628FD23
Только что попробовала — все папки открываются, проводник работает. Огромное Вам спасибо!!!
Что теперь надо сделать? Надо деинсталлировать Combofix? А WindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe удалять?Спасибо за Вашу помощь!
Все сделала, как Вы рекомендовали. Вот текст Log.txt:
ComboFix 10-08-07.01 — Елена 07.08.2010 23:07:32.1.1 — x86
Microsoft Windows XP Professional 5.1.2600.3.1251.7.1049.18.510.190 [GMT 3:00]
Running from: c:documents and settingsЕленаРабочий столComboFix.exe
Command switches used :: c:documents and settingsЕленаРабочий столWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
AV: Антивирусная система Eset NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.c:documents and settingsЕленаApplication DataMicrosoftInternet ExplorerqiPSearchbar.dll
c:program filesCommon Fileskeylog.txt
c:program filesCommon FilesWM
c:program filesINSTALL.LOG
c:program filesURLToolBHOjs.Dll
c:windowssystem32AdmDll.dll
c:windowssystem32lowsec
c:windowssystem32lowseclocal.ds
c:windowssystem32lowsecuser.ds
c:windowssystem32lowsecuser.ds.lll
c:windowssystem32raddrv.dll.
((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.2010-08-07 05:41 . 2010-08-07 06:39
d
w- c:program filestrend micro
2010-08-07 05:41 . 2010-08-07 05:41
d
w- C:rsit
2010-08-06 07:55 . 2010-08-06 08:01
d
w- c:documents and settingsЕленаApplication DataUDC Profiles
2010-08-06 07:54 . 2010-03-18 19:27 24440 —-a-w- c:windowssystem32udcpm.dll
2010-08-06 07:54 . 2010-08-06 07:54
d
w- c:program filesUniversal Document Converter
2010-08-04 18:40 . 2010-08-07 20:14
d
w- c:program filesURLToolBHO
2010-08-04 18:29 . 2010-08-04 18:48
d
w- c:documents and settingsЕлена.PDFStudio
2010-08-04 18:28 . 2010-08-04 18:29
d
w- c:program filesPDFStudio
2010-08-02 22:44 . 2010-08-02 22:45
d
w- c:documents and settingsЕленаLocal SettingsApplication DataSOTI
2010-08-02 22:44 . 2010-08-02 22:44
d
w- c:program filesSOTI
2010-08-02 16:07 . 2010-08-02 16:07
d
w- c:windowssystem32LogFiles
2010-08-02 16:03 . 2008-04-13 21:26 30592 -c—a-w- c:windowssystem32dllcacherndismpx.sys
2010-08-02 16:03 . 2008-04-13 21:26 30592 —-a-w- c:windowssystem32driversrndismpx.sys
2010-08-02 16:03 . 2008-04-13 21:26 12800 -c—a-w- c:windowssystem32dllcacheusb8023x.sys
2010-08-02 16:03 . 2008-04-13 21:26 12800 —-a-w- c:windowssystem32driversusb8023x.sys
2010-08-02 15:59 . 2010-08-02 16:00
d
w- c:program filesMicrosoft ActiveSync
2010-07-30 15:10 . 2008-02-26 21:31 278528 —-a-r- c:windowssystem32CM102rm.exe
2010-07-30 15:10 . 2006-03-20 22:28 32768 —-a-r- c:windowssystem32c102prop.dll
2010-07-30 15:10 . 2005-03-07 21:29 45056 —-a-r- c:windowssystem32CM102rm.dll
2010-07-30 15:10 . 2001-11-23 19:08 712704 —-a-r- c:windowssystema3d102pu.dll
2010-07-30 15:10 . 2001-11-23 19:08 712704 —-a-r- c:windowssystema3d.dll
2010-07-30 15:09 . 2004-04-14 18:28 315392 —-a-r- c:windowssystemFltr102.dll
2010-07-30 15:09 . 2008-01-04 21:16 1400832 —-a-r- c:windowssystem32driversCM102.sys
2010-07-30 15:08 . 2008-02-25 21:21 274432
r- c:windowsCmi102Uninstall.exe
2010-07-30 15:08 . 2010-07-30 15:08
d
w- c:program filesUSB Audio Device
2010-07-19 14:01 . 2010-07-19 14:01 503808 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-22afc385-nmsvcp71.dll
2010-07-19 14:01 . 2010-07-19 14:01 499712 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-22afc385-njmc.dll
2010-07-19 14:01 . 2010-07-19 14:01 348160 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentSystemCache6.046f84c6ae-22afc385-nmsvcr71.dll
2010-07-19 14:01 . 2010-07-19 14:01 61440 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentSystemCache6.0505535ab32-7c6176fe-ndecora-sse.dll
2010-07-19 14:01 . 2010-07-19 14:01 12800 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentSystemCache6.0505535ab32-7c6176fe-ndecora-d3d.dll
2010-07-15 04:38 . 2010-07-15 04:38
d
w- c:documents and settingsЕленаApplication DataAhead
2010-07-12 14:05 . 2010-07-12 14:05 664 —-a-w- c:windowssystem32d3d9caps.dat
2010-07-09 18:10 . 2008-05-12 18:50 156480 —-a-w- c:windowssystem32VSTwain.dll
2010-07-09 18:10 . 2010-07-09 18:52
d
w- c:program filessotr269
2010-07-09 15:55 . 2010-07-09 16:00
d
w- c:program filesfxlib9
2010-07-09 09:10 . 2010-07-09 09:14
d
w- C:Кремлёвская диета.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 18:57 . 2010-01-14 20:40
d
w- c:program filesNetwork Assistant
2010-08-07 15:40 . 2010-01-14 19:53
d—h—w- c:program filesInstallShield Installation Information
2010-08-02 22:52 . 2010-01-15 21:48
d
w- c:program filesDownload Master
2010-08-02 16:22 . 2008-04-15 12:00 80802 —-a-w- c:windowssystem32perfc019.dat
2010-08-02 16:22 . 2008-04-15 12:00 478144 —-a-w- c:windowssystem32perfh019.dat
2010-07-28 15:37 . 2010-07-07 15:55
d
w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2010-07-28 11:16 . 2010-01-14 20:30 68832 —-a-w- c:documents and settingsЕленаLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-07-12 09:38 . 2010-02-11 11:20
d
w- c:program filesARM ZVIT
2010-07-11 20:06 . 2010-01-23 20:50
d
w- c:documents and settingsЕленаApplication DataEncyclopedia of Patience
2010-07-07 16:03 . 2010-07-07 16:03
d
w- c:program filesMicrosoft Works
2010-07-07 16:03 . 2010-01-16 01:16
d
w- c:program filesMSBuild
2010-07-07 16:01 . 2010-07-07 16:01
d
w- c:program filesMicrosoft.NET
2010-07-07 15:56 . 2010-07-07 15:56
d
w- c:program filesMicrosoft Visual Studio 8
2010-07-06 16:39 . 2010-07-06 16:39
d
w- c:program filesGames
2010-07-02 06:16 . 2010-01-16 17:43
d
w- c:program filesCommon FilesJava
2010-07-02 06:13 . 2010-01-16 17:43
d
w- c:program filesJava
2010-06-25 05:17 . 2010-05-20 13:13
d—a-w- c:documents and settingsAll UsersApplication DataTEMP
2010-05-24 14:01 . 2010-05-24 14:01 503808 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentcache6.046f84c6ae-101abf6b-nmsvcp71.dll
2010-05-24 14:01 . 2010-05-24 14:01 499712 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentcache6.046f84c6ae-101abf6b-njmc.dll
2010-05-24 14:01 . 2010-05-24 14:01 348160 —-a-w- c:documents and settingsЕленаApplication DataSunJavaDeploymentcache6.046f84c6ae-101abf6b-nmsvcr71.dll
2010-05-20 15:23 . 2010-01-16 01:17 966648 —-a-w- c:documents and settingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
2002-12-11 10:23 . 2010-01-15 22:49 122880 —-a-w- c:program filesinternet explorerpluginsDjVuControl.dll
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-12-22 8716040][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
«{91397D20-1446-11D4-8AF4-0040CA1127B6}»= «c:program filesYandexYandexBarIEyndbar.dll» [2009-12-22 8716040][HKEY_CLASSES_ROOTclsid{91397d20-1446-11d4-8af4-0040ca1127b6}]
[HKEY_CLASSES_ROOTYandex.Toolbar.1]
[HKEY_CLASSES_ROOTTypeLib{91397D13-1446-11D4-8AF4-0040CA1127B6}]
[HKEY_CLASSES_ROOTYandex.Toolbar][HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
«AtiTrayTools»=»c:program filesRadeon Omega Driversv2.6.71ATI Tray Toolsatitray.exe» [2005-08-17 457216]
«swg»=»c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe» [2010-05-03 39408]
«Network Assistant»=»c:program filesNetwork AssistantNassi.exe» [2009-05-19 7568896]
«Infium»=»c:program filesQIP Infiuminfium.exe» [2009-10-08 5662720]
«NBJ»=»c:program filesAheadNero BackItUpNBJ.exe» [2005-01-04 1937408][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
«SoundMAXPnP»=»c:program filesAnalog DevicesCoresmax4pnp.exe» [2005-05-20 925696]
«AtiPTA»=»atiptaxx.exe» [2005-08-31 344064]
«nod32kui»=»c:program filesEsetnod32kui.exe» [2010-01-14 949376]
«SunJavaUpdateSched»=»c:program filesCommon FilesJavaJava Updatejusched.exe» [2010-02-18 248040]
«EEventManager»=»c:program filesEPSONCreativity SuiteEvent ManagerEEventManager.exe» [2006-10-12 102400]
«Samsung PanelMgr»=»c:windowsSamsungPanelMgrSSMMgr.exe» [2008-03-03 536576]
«GrooveMonitor»=»c:program filesMicrosoft OfficeOffice12GrooveMonitor.exe» [2006-10-26 31016][HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
«CTFMON.EXE»=»c:windowssystem32CTFMON.EXE» [2008-04-15 15360]c:documents and settings…«Ґ ѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
BIRTHDAY! millennium.lnk — d:!-„ћљ“њ…ќ’›-!I-ЊЂЊЂ-IBirthdayBirthday.exe [2010-1-15 92160]c:documents and settingsAll Usersѓ« ў®Ґ ¬ҐоЏа®Ја ¬¬лЂўв®§ Јаг§Є
Network Assistant.lnk — c:program filesNetwork AssistantNassi.exe [2010-1-14 7568896][HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
«EnableFirewall»= 0 (0x0)[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
«%windir%\Network Diagnostic\xpnetdiag.exe»=
«%windir%\system32\sessmgr.exe»=
«c:\Program Files\Network Assistant\Nassi.exe»=
«c:\Program Files\QIP Infium\infium.exe»=
«c:\Documents and Settings\Елена\Рабочий стол\U-Net\unet.exe»=
«c:\Program Files\Skype\Plugin Manager\skypePM.exe»=
«c:\Program Files\Skype\Phone\Skype.exe»=
«c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE»=
«c:\Program Files\Microsoft Office\Office12\GROOVE.EXE»=
«c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE»=
«c:program filesMicrosoft ActiveSyncrapimgr.exe»= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
«c:program filesMicrosoft ActiveSyncwcescomm.exe»= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
«c:program filesMicrosoft ActiveSyncWCESMgr.exe»= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
«1745:TCP»= 1745:TCP:jukuh
«14336:TCP»= 14336:TCP
«26675:TCP»= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync ServiceR1 atitray;atitray;c:program filesRadeon Omega Driversv2.6.71ATI Tray Toolsatitray.sys [22.09.2005 5:48 8576]
R1 nod32drv;nod32drv;c:windowssystem32driversnod32drv.sys [15.01.2010 0:10 15424]
S2 ftgfbk;Boot Monitor;c:windowssystem32svchost.exe -k netsvcs [15.04.2008 15:00 14336]
S2 gupdate;Служба Google Update (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [03.05.2010 13:08 135664]
S2 SSPORT;SSPORT;??c:windowssystem32DriversSSPORT.sys —> c:windowssystem32DriversSSPORT.sys [?]
S3 USBAU;USB Audio Device Interface;c:windowssystem32driversCM102.sys [30.07.2010 18:09 1400832]HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost — NetSvcs
ftgfbk
.
Contents of the ‘Scheduled Tasks’ folder2010-08-07 c:windowsTasksGoogleUpdateTaskMachineCore.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-05-03 10:08]2010-08-07 c:windowsTasksGoogleUpdateTaskMachineUA.job
— c:program filesGoogleUpdateGoogleUpdate.exe [2010-05-03 10:08]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com.ua/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = 192.168.11.20:8080
uInternet Settings,ProxyOverride = 192.168.11.1;192.168.11.25;
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: SoftwareMicrosoftInternet ExplorerSearchUrl; ValueType: string; ValueName: ‘; ValueData: ‘; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Экспорт в Microsoft Excel — c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Google ВикиКомментарии… — c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Закачать ВСЕ при помощи Download Master — c:program filesDownload Masterdmieall.htm
IE: Закачать при помощи Download Master — c:program filesDownload Masterdmie.htm
IE: Передать на удаленную закачку DM — c:program filesDownload Masterremdown.htm
LSP: c:windowssystem32imon.dll
.
— — — — ORPHANS REMOVED — — — —HKLM-Run-Cm102Sound — cm102.cpl
AddRemove-Кремлёвская диета — c:program filesКремлёвская диетаuninstall.exe**************************************************************************
catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-07 23:15
Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
DLLs Loaded Under Running Processes
— — — — — — — > ‘winlogon.exe'(760)
c:windowssystem32Ati2evxx.dll— — — — — — — > ‘lsass.exe'(816)
c:windowssystem32imon.dll
c:program filesEsetpr_imon.dll
.
Completion time: 2010-08-07 23:18:27
ComboFix-quarantined-files.txt 2010-08-07 20:18Pre-Run: 3 042 390 016 байт свободно
Post-Run: 3 659 907 072 байт свободноWindowsXP-KB310994-SP2-Pro-BootDisk-RUS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional RU» /noexecute=optin /fastdetect— — End Of File — — 723B43FF671DAC7D98A351F0A6D05259
